Overview
Create the right type of pentest for your needs.
You’ll start creating your pentest on the Overview page. We’ll use this information to create the right type of pentest for your needs.
1. Name the Pentest
Change the default Title if you have specific naming conventions
Default title format: {Asset Name} {MM/YYYY}
2. Set your Test Goals
Help us understand your goals — whether it’s meeting compliance, assessing security risks, or testing a recent update. Your answer ensures a more effective pentest.
3. Set the Test Focus
Determine the focus for your test based on your use case, reporting needs and target audience.
| Narrow Scope (Agile) | Broad Scope (Comprehensive) | |
|---|---|---|
| Definition | Pentest performed by Cobalt pentesters focuses on code changes or a specific area of an asset and comes with an Automated Report intended for internal use | Pentest is performed by Cobalt pentesters for security audit, compliance audit, or customer attestation and includes comprehensive reports intended for external stakeholders |
| Pentest Scope | Specific part of an asset | Broad area of an asset |
| Use Cases | New release or feature testing Delta testing Exploitable vulnerability testing Single OWASP category testing Microservice testing Internal security testing | Comprehensive security audit Compliance audit testing based on the frameworks such as SOC 2, ISO 27001, PCI-DSS, CREST, or HIPAA M&A due diligence Internal or third-party attestation request |
| Standard pentest timelines | 3 or 4 credits: 7 days From 5 credits: 14 days | 14 days |
| Available Pentest Reports | Automated Report | Report written by pentesters Customer Letter Attestation Letter Attestation Report Full Report Full Report + Finding Details |
| Report Target Audience | Internal stakeholders | External stakeholders |
4. Set your test Methodology
Pentesters follow specific methodologies for each test. If your environment includes multiple asset types that can’t be effectively combined into a single test, we recommend creating separate tests.
Last modified September 19, 2025